On an annual basis, millions of dollars are spent on the process of collecting, storing, securing, and retrieving data. With modern computer systems, data may be electronically stored in an easily retrievable medium, such as a database, which is a structured collection of data. To manage the database, a database management system (e.g., Oracle®, Microsoft® Access™, Microsoft® SQL Server™, MySQL™, FileMaker® and the like) may be employed to organize, store, and retrieve the data.
Although a database may be manually updated, most database management systems do not provide friendly user interfaces. Instead, independent applications have been developed to enable users to interact with the database management systems. In an example, a company may have a Microsoft® Access™ database storing information about its employees. The human resource department may interact with the database through a human resource management program that has been specifically tailored to enable the human resource representatives to update and retrieve data about employees.
Since each database management system may have a unique structure, an open database connectivity (ODBC) application programming interface (API) may be provided in order to enable an application to interact with any database management system. The ODBC API may include, but is not limited to, a driver manager and a set of drivers. With the ODBC API, each application does not have to be modified in order to interact with a specific database management system. Instead, the ODBC API is configured to accept function calls (e.g., application requests) from applications and translate the function calls into a format that the database can accept and/or understand. Thus, regardless of whether one company has a Microsoft® Access™ database while another has an Oracle® database, the same application may be employed since the ODBC API includes a set of drivers that may be configured to handle the interaction between an application and a database.
Unfortunately, the current ODBC API arrangement provides little or no protection against unauthorized users accessing the database. In the example above, an unauthorized user may employ the human resource management program to access data stored on the employee database. For many database management systems, once a user is able to log onto an application that allows access to a database, few or no security measures have been implemented to prevent the user from accessing the data. Thus, confidential data leakage may occur. In many instances, no record is kept of the user who is trying to access the data, thereby providing the information technology (IT) department with insufficient data to track the unauthorized user.
In another example, an unauthorized user may employ the human resource management program to insert malicious data into the database. The current ODBC API arrangement may not provide a method for preventing malicious data from being added to the database. In addition, the current ODBC API arrangement provides little or no protection for a user's computer system that is inadvertently exposed to malicious content when data containing that content is retrieved from the database.